FIG. 5

CLIENT CHOOSES A SET OF VALUES FOR THE TRANSACTION. CLIENT GENERATES A RANDOM VALUE rc. IT ALSO CHOOSES A LARGE PRIME NUMBER p AND A PRIMITIVE ROOT g FOR GF(p). CLIENT THEN CHOOSES A LARGE RANDOM INTEGER x, WHERE x < p-1, AND COMPUTES g^x OVER GF(p).

THEN IT SENDS id, rc, p, g, AND g^x TO THE SERVER, FOR EXAMPLE, BY MEANS OF AUTHENTICATION PROTOCOL APPLICATION 310 OF FIGURE 3.

SERVER THEN CHOOSES A SET OF VALUES FOR THE TRANSACTION FOR GENERATING A CHALLENGE TOKEN. THIS INCLUDES GENERATING A RANDOM VALUE rs. IT ALSO INCLUDES CHOOSING A LARGE RANDOM INTEGER y, WHERE y < p-1, AND COMPUTING g^y AND g^xy OVER GF(p).

NEXT THE SERVER GENERATES A ONE-TIME CHALLENGE TOKEN AS FOLLOWS: CHALLENGE = rs ⊕ HASH(g^xy, idpw_digest, rc), WHERE ⊕ DENOTES BITWISE EXCLUSIVE-OR. THE SERVER THEN SENDS THE CHALLENGE AND g^y TO THE CLIENT, FOR EXAMPLE, USING AUTHENTICATION PROTOCOL APPLICATION 308.

THE CLIENT THEN COMPUTES THE idpw_digest VALUE.

NEXT, IT RETRIEVES rs FROM THE RECEIVED CHALLENGE TOKEN AS FOLLOWS: rs = CHALLENGE ⊕ HASH(g^xy, idpw_digest, rc).

THE CLIENT THEN SENDS id AND rs TO THE SERVER.

(518) THE SERVER VERIFIES THAT THE RECEIVED rs IS THE SAME AS THE ONE IT GENERATED BY COMPARING THE TWO ("IS THE RECEIVED rs THE SAME AS THE GENERATED rs?").

IF THEY ARE THE SAME ("YES"), THE USER IS AUTHENTICATED AND THE SERVER GENERATES A ONE-TIME AUTHENTICATION TOKEN AS FOLLOWS: ser_auth_token = HASH(g^xy, idpw_digest, rc, rs).

THE SERVER THEN SENDS ser_auth_token TO THE CLIENT, GIVING IT PERMISSION TO ACCESS THE SERVER.

FINALLY, THE CLIENT VERIFIES THE VALIDITY OF ser_auth_token RECEIVED FROM THE SERVER.

IF THEY DIFFER ("NO"), THE SERVER SENDS A MESSAGE DENYING THE CLIENT ACCESS TO THE SERVER.
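The FIG. 5 exchange carried through end to end, both sides included, as an added example; this is not code from the patent, and FIG. 7A repeats these same steps before the password change. It assumes SHA-256 for HASH over length-prefixed fields, idpw_digest = HASH(id, password), 32-byte rc and rs so that they XOR cleanly with a SHA-256 output, and a 256-bit safe prime generated at run time in place of the "large prime p" (a deployment would use a much larger group). The function names, the dictionary message format and the server-side check params_ok are the example's own: the figure does not say what the server does with the client-supplied p, g and g^x, and the check is added because those values arrive from a peer that has not yet authenticated.

```python
import hashlib
import hmac
import secrets
# Added example, not the patent's code. Assumed: SHA-256 for HASH over
# length-prefixed fields, idpw_digest = HASH(id, password), 32-byte rc and rs.
TOKEN_LEN = 32
SMALL_PRIMES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)

def H(*parts):
    """HASH(a, b, ...) over int or bytes fields; the encoding is an assumption."""
    h = hashlib.sha256()
    for part in parts:
        if isinstance(part, int):
            part = part.to_bytes((part.bit_length() + 7) // 8 or 1, "big")
        h.update(len(part).to_bytes(4, "big") + part)
    return h.digest()

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def is_probable_prime(n, rounds=32):
    """Miller-Rabin; adequate for a demonstration group."""
    if n < 2 or any(n % sp == 0 for sp in SMALL_PRIMES):
        return n in SMALL_PRIMES
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def choose_group(bits):
    """Client picks a safe prime p = 2q + 1 and a primitive root g of GF(p) (toy size)."""
    while True:
        q = secrets.randbits(bits - 1) | (1 << (bits - 2)) | 1
        if is_probable_prime(q) and is_probable_prime(2 * q + 1):
            p = 2 * q + 1
            break
    while True:  # for a safe prime, g is primitive iff g != +-1 and g^q != 1 (mod p)
        g = secrets.randbelow(p - 3) + 2
        if pow(g, q, p) != 1:
            return p, g

def params_ok(p, g, gx):
    """Added check, not in the figure: p, g, g^x arrive from the client, so the
    server rejects a composite p, a non-generator g, and a g^x of order 1 or 2."""
    q = (p - 1) // 2
    return (p > 3 and is_probable_prime(p) and is_probable_prime(q)
            and 1 < g < p - 1 and pow(g, q, p) != 1 and 1 < gx < p - 1)

def client_start(uid, bits=256):
    """Message 1, client -> server: id, rc, p, g, g^x."""
    p, g = choose_group(bits)
    x = secrets.randbelow(p - 2) + 1  # 1 <= x < p - 1
    msg1 = {"id": uid, "rc": secrets.token_bytes(TOKEN_LEN), "p": p, "g": g, "gx": pow(g, x, p)}
    return msg1, {"x": x}

def server_challenge(msg1, idpw_digest):
    """Message 2, server -> client: CHALLENGE = rs xor HASH(g^xy, idpw_digest, rc), and g^y."""
    p, g, gx = msg1["p"], msg1["g"], msg1["gx"]
    if not params_ok(p, g, gx):
        raise ValueError("client-supplied group parameters rejected")
    y = secrets.randbelow(p - 2) + 1
    rs, gxy = secrets.token_bytes(TOKEN_LEN), pow(gx, y, p)
    challenge = xor(rs, H(gxy, idpw_digest, msg1["rc"]))
    return {"challenge": challenge, "gy": pow(g, y, p)}, {"rs": rs, "gxy": gxy}

def client_response(msg1, cstate, msg2, password):
    """Message 3, client -> server: id and rs = CHALLENGE xor HASH(g^xy, idpw_digest, rc)."""
    idpw_digest = H(msg1["id"].encode(), password.encode())
    gxy = pow(msg2["gy"], cstate["x"], msg1["p"])
    rs = xor(msg2["challenge"], H(gxy, idpw_digest, msg1["rc"]))
    return {"id": msg1["id"], "rs": rs}, {"gxy": gxy, "idpw_digest": idpw_digest}

def server_verify(msg3, sstate, rc, idpw_digest):
    """Message 4, server -> client: ser_auth_token, or None meaning access denied."""
    if not hmac.compare_digest(msg3["rs"], sstate["rs"]):  # constant-time compare
        return None
    return H(sstate["gxy"], idpw_digest, rc, sstate["rs"])

def client_verify(cstate, rc, rs, token):
    expected = H(cstate["gxy"], cstate["idpw_digest"], rc, rs)  # client's own ser_auth_token
    return token is not None and hmac.compare_digest(token, expected)

def run_auth(uid, password, stored_password, bits=256):
    """Drive both sides; returns (server authenticated client, client accepted token)."""
    stored_digest = H(uid.encode(), stored_password.encode())  # server's enrolled idpw_digest
    msg1, cstate = client_start(uid, bits)
    msg2, sstate = server_challenge(msg1, stored_digest)
    msg3, cstate = client_response(msg1, cstate, msg2, password)
    token = server_verify(msg3, sstate, msg1["rc"], stored_digest)
    return token is not None, client_verify(cstate, msg1["rc"], msg3["rs"], token)
```

run_auth("alice", pw, pw) drives the four messages and returns (True, True); a wrong client password makes the recovered rs differ, so the server returns a denial and the client in turn has no valid ser_auth_token, giving (False, False). Two details matter in practice: rs must be exactly as long as the HASH output or the XOR recovery in step 3 is undefined, and the rs comparison at step 518 is done with hmac.compare_digest so that a mismatch does not leak its position through timing.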
FIG. 7A

CLIENT CHOOSES A SET OF VALUES FOR THE TRANSACTION. THESE CHOICES INCLUDE THE FOLLOWING ACTIONS: THE CLIENT GENERATES A RANDOM VALUE rc. IT ALSO CHOOSES A LARGE PRIME NUMBER p AND A PRIMITIVE ROOT g FOR GF(p). CLIENT THEN CHOOSES A LARGE RANDOM INTEGER x, WHERE x < p-1, AND COMPUTES g^x OVER GF(p).

THEN IT SENDS id, rc, p, g, AND g^x TO THE SERVER.

THE SERVER THEN CHOOSES A SET OF VALUES FOR THE TRANSACTION FOR GENERATING A CHALLENGE TOKEN, AS FOLLOWS: THIS INCLUDES GENERATING A RANDOM VALUE rs. IT ALSO INCLUDES CHOOSING A LARGE RANDOM INTEGER y, WHERE y < p-1, AND COMPUTING g^y AND g^xy OVER GF(p). NEXT, THE SERVER GENERATES A ONE-TIME CHALLENGE TOKEN AS FOLLOWS: CHALLENGE = rs ⊕ HASH(g^xy, idpw_digest, rc), WHERE ⊕ DENOTES BITWISE EXCLUSIVE-OR. THE SERVER THEN SENDS THE CHALLENGE AND g^y TO THE CLIENT, FOR EXAMPLE, USING AUTHENTICATION PROTOCOL APPLICATION 308.

THE CLIENT THEN COMPUTES THE idpw_digest VALUE.

NEXT, IT RETRIEVES rs FROM THE RECEIVED CHALLENGE TOKEN AS FOLLOWS: rs = CHALLENGE ⊕ HASH(g^xy, idpw_digest, rc).

THE CLIENT THEN SENDS id AND rs TO THE SERVER.

(718) THE SERVER VERIFIES THAT THE RECEIVED rs IS THE SAME AS THE ONE IT GENERATED BY COMPARING THE TWO ("IS THE RECEIVED rs THE SAME AS THE GENERATED rs?").

IF THEY ARE THE SAME ("YES"), THE USER IS AUTHENTICATED AND THE SERVER GENERATES A ONE-TIME AUTHENTICATION TOKEN AS FOLLOWS: ser_auth_token = HASH(g^xy, idpw_digest, rc, rs).

THE SERVER THEN SENDS ser_auth_token TO THE CLIENT, GIVING IT PERMISSION TO ACCESS THE SERVER. (CONTINUED IN FIG. 7B)

IF THEY DIFFER ("NO"), THE SERVER SENDS A MESSAGE DENYING THE CLIENT ACCESS TO THE SERVER.
FIG. 7B

(CONTINUED FROM FIG. 7A)

FINALLY, THE CLIENT VERIFIES THE VALIDITY OF ser_auth_token RECEIVED FROM THE SERVER. IF THE SERVER'S AUTHENTICATION TOKEN IS VALID, THE CLIENT GENERATES THE NEW PASSWORD DIGEST VALUE idpw_digest_new. NEXT THE CLIENT GENERATES ONE-TIME MASK AND MAC VALUES AS FOLLOWS: MASK = HASH(g^xy, rc, rs), MAC = HASH(g^xy, idpw_digest_new, rc, rs).

THEN, THE CLIENT GENERATES A masked_idpw_digest_new VALUE AS FOLLOWS: masked_idpw_digest_new = MASK ⊕ idpw_digest_new.

(730) THE CLIENT SENDS id, masked_idpw_digest_new, AND MAC TO THE SERVER.

TO RETRIEVE idpw_digest_new, THE SERVER GENERATES THE MASK AS IN THE PREVIOUS STEPS AND EXCLUSIVE-ORS IT WITH THE RECEIVED masked_idpw_digest_new. THE SERVER THEN VERIFIES THE VALIDITY OF THE RECEIVED MAC.

IF THE MAC IS VALID, THE SERVER SENDS A MESSAGE TO THE CLIENT ACCEPTING THE PASSWORD CHANGE AND REPLACES idpw_digest WITH THE NEW PASSWORD DIGEST VALUE (i.e., idpw_digest_new). OTHERWISE, IT SENDS A MESSAGE REJECTING THE PASSWORD CHANGE.

THE PASSWORD ACCEPT OR REJECT MESSAGE SENT FROM THE SERVER TO THE CLIENT CONTAINS A PROTECTED RESPONSE CALLED CODE, WHERE CODE = HASH(g^xy, idpw_digest, FLAG, rc, rs). THE FLAG HERE IS SET TO EITHER "ACCEPT" OR "REJECT" DEPENDING ON WHETHER THE PASSWORD CHANGE IS ACCEPTED OR REJECTED.
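The FIG. 7B password change as an added example, not the patent's code. It picks up after authentication, so g^xy, idpw_digest, rc and rs are passed in rather than derived, and run_change constructs throwaway session values in place of FIG. 7A's output. Assumptions are the same as before: SHA-256 over length-prefixed fields for HASH, idpw_digest = HASH(id, password), 32-byte rc and rs; the function names and message dictionaries are the example's own. It also exercises the failure mode the MAC is there for: a modified masked_idpw_digest_new fails the MAC, the server answers REJECT and keeps the old digest, and the client refuses a FLAG whose CODE does not bind it to this session.

```python
import hashlib
import hmac
import secrets
# Added example, not the patent's code; it starts where FIG. 7A leaves off, so
# g^xy, idpw_digest, rc and rs are inputs. Assumed: SHA-256 for HASH over
# length-prefixed fields, idpw_digest = HASH(id, password), 32-byte rc and rs.

def H(*parts):
    """HASH(a, b, ...) over int or bytes fields; the encoding is an assumption."""
    h = hashlib.sha256()
    for part in parts:
        if isinstance(part, int):
            part = part.to_bytes((part.bit_length() + 7) // 8 or 1, "big")
        h.update(len(part).to_bytes(4, "big") + part)
    return h.digest()

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def client_change_request(uid, new_password, gxy, rc, rs):
    """Client (step 730): MASK = HASH(g^xy, rc, rs); MAC = HASH(g^xy, idpw_digest_new, rc, rs);
    masked_idpw_digest_new = MASK xor idpw_digest_new."""
    idpw_digest_new = H(uid.encode(), new_password.encode())
    mask = H(gxy, rc, rs)
    mac = H(gxy, idpw_digest_new, rc, rs)
    return {"id": uid, "masked_idpw_digest_new": xor(mask, idpw_digest_new), "mac": mac}

def server_change_response(req, gxy, idpw_digest, rc, rs):
    """Server: regenerate MASK, unmask, check the MAC, then reply with FLAG and
    CODE = HASH(g^xy, idpw_digest, FLAG, rc, rs). Returns (reply, digest now on file)."""
    candidate = xor(H(gxy, rc, rs), req["masked_idpw_digest_new"])
    if hmac.compare_digest(H(gxy, candidate, rc, rs), req["mac"]):
        flag, on_file = b"ACCEPT", candidate      # idpw_digest is replaced
    else:
        flag, on_file = b"REJECT", idpw_digest    # old digest stays
    return {"flag": flag, "code": H(gxy, idpw_digest, flag, rc, rs)}, on_file

def client_check_response(reply, gxy, idpw_digest, rc, rs):
    """Client trusts FLAG only if CODE ties it to g^xy, idpw_digest, rc and rs."""
    return hmac.compare_digest(reply["code"], H(gxy, idpw_digest, reply["flag"], rc, rs))

def run_change(uid, old_password, new_password, tamper=False):
    """Drive both sides with constructed session values standing in for FIG. 7A's
    output. Returns (FLAG, server now holds the new digest, client verified CODE)."""
    gxy = secrets.randbelow(1 << 255)                  # stands in for g^xy
    rc, rs = secrets.token_bytes(32), secrets.token_bytes(32)
    idpw_digest = H(uid.encode(), old_password.encode())
    req = client_change_request(uid, new_password, gxy, rc, rs)
    if tamper:  # an on-path change to the masked digest must fail the MAC
        bad = bytearray(req["masked_idpw_digest_new"])
        bad[0] ^= 0x01
        req["masked_idpw_digest_new"] = bytes(bad)
    reply, on_file = server_change_response(req, gxy, idpw_digest, rc, rs)
    ok = client_check_response(reply, gxy, idpw_digest, rc, rs)
    return reply["flag"], on_file == H(uid.encode(), new_password.encode()), ok
```

run_change("alice", "old", "new") yields (b"ACCEPT", True, True); with tamper=True the server answers (b"REJECT", False, True), where the final True is the client confirming that the REJECT really came from the peer holding g^xy, rc and rs. Note that CODE is computed over the old idpw_digest on both sides, as the figure specifies, so the client can check it before it knows whether the change took effect.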



